CAC/Smartcard User Info Not Accepted, Must Use Domain Usr/pwd Instead For SSL Site

Sep 9, 2009

Having an issue with random individuals trying to access an intranet site with a security certificate. Most users are able to simply select their Smartcard/CAC certificate, enter the pin number and then are granted access to the site's pages.

However, random individuals enter their pin and then are immediately re-prompted by the IE alert dialogue to enter their domain username and password. If they don't enter their network domain username and MS password, then they receive a 401.1 Unauthorized.

I am confused as to why these certain users (who are selecting the same certificates as the successful ones) are being prompted for their domain name/pwd. Furthermore, they're able to access other sites which require a CAC to get past the security certificate.

Possible that a user token is unable to be established via a CAC for the particular site, but not sure why. Since these users are getting a 401.1, then somehow their identity associated with their CAC credentials is not validating.

In IIS: Anonymous users are not allowed (unchecked). 128-bit encryption is required with SSL. Integrated Windows Authentication is checked. Accepting client certificates In the site's web.config file all users are allowed and only anonymous are denied.

Developed in asp.net 3.5

We have tried to reproduce the problem in testing and development environments, but have fortunately/unfortunately been unable to duplicate this issue. This furthermore eludes to an issue that might be isolated to the production server, users access to it, and/or the certificate that is applied to that SSL website on that server.

The exact same setup is present on the development box without any issues at all, indicating to me that the problem resides on the production server's ability to properly receive/handle CAC information from those individuals or that something funky is going on with the way the security certificate is relating to the client's CAC x.509 certificate.

A little more information that may be of use: the browser prompt that initially asks for the CAC has nothing to do with the code of the site, but rather is enabled by applying the security certificate to a site in IIS; thus indicating to me that there is something written into the certificate that looks for client certificates tied to the ActivClient agent via the browser?

The violating users' cards work on all other applications and even on SSL sites on other servers that bring up a CAC prompt. I believe we have confirmed that the certificates associated with their cards and their IE browsers are valid through 2015 (or longer in some cases), and are the same in nature (x509 certificate from the card)... and issuer is being consistently selected as DOD Email CA-15 (though the regular DOD CA-15 works as well). Again, maybe something with the fact that it's isolated to one production server, something with the SSL cert. on that url or user access?

Then again, I probably have no idea what i'm talking about, just throwing a bone here to see if anyone has had the same issue or has any ideas.

View 0 Replies


ADVERTISEMENT

Redirect Domain/user To User.domain ONLY IF Folder 'user' Doesn't Exist

May 7, 2007

I thought I knew enough about my .htaccess stuff to do this, but I can't seem to work it out. What I want to do is if a user visits domain.com/folder, we check to see if the folder exists. If so, show as normal (IE domain.com/support)

If a user visits domain.com/dynamicusername (dynamicusername is not a physical folder), redirect to dynamicusername.domain.com

View 3 Replies View Related

Info On User Preferences For CentOS VPS

Oct 26, 2009

info on user preferences when buying a VPS for running CentOS.

Feel free to PM me if you do not want your answers to be publicly displayed.

When you are buying a VPS to run CentOS:

1. Do you want to install the operating system on it or do you want it pre-installed with defaults?

2. Do you want the server to run Gnome desktop or is SSH access enough?

3. If you have it running a desktop, is accessing it using VNC over an SSH tunnel connection acceptable or do you need some other way to access the GUI?

View 6 Replies View Related

Database For Tracking Site Info

Dec 11, 2007

My company is just getting into web hosting. We currently have 10-15 sites that we are hosting. What do you guys use to keep track of all the details for the site (location, company info, etc). We're using a homegrown filemaker database atm, but we don't want to continue using this when we get 50+ sites. It doesn't matter if its web-based or a standalone program.

View 6 Replies View Related

Info To Transfer Domain Out Of IX Hosting

Jun 26, 2008

Summary on Issue I have with IX Hosting

I am disappointed on the option provide to me by IX webhosting to resolved my issue.

Summary:

1. My hosting and domain was handle by a previous staff which is charge to a CC belong to that staff.
2. The staff was fired and he filled a chargeback with his CC without me knowing it on the hosting.
3. Account was then suspended and there isn't anything that I can do about it.

Option left for me:
1. Nothing that IX webhosting is able to do beside asking me to recontact my ex staff to contact his bank which is not possible (the case was closed by the bank according to my ex staff when i was able to contact him).

2. Spending another 1 - 2 year time to rebuilt another website to bring in traffic since the url and hosting are frozen by IX webhosting.

3. Filled a complain to complain board and point this problem out to public where an admin or account making payment for URL and hosting can screwed up the company at any one point while hosting with IX webhosting.

View 7 Replies View Related

FTP- Assign New User To 1st Site

Jul 19, 2008

i have been fumbling around trying to set up a first site on a fresh install of debian on a server... seems like helplessly for hours and hours, trying to figure out how this ftpd works with debian

there are only 2 files from what i see on the server

ftpchroot and ftpusers - i fianlly found the manual 'man ftpd' this helped a little...

i found this in another thread, to maybe help with adding a user, does not work in my setup...

adduser --home /home/username --shell /bin/false username (how do i remove this user that does not work?)

my server path to sites is this
/home/www/html/websitename.com/html

what do i need to do to get ftp to actually work?

View 3 Replies View Related

My Site Blocks For Some User

Apr 12, 2007

well they get permission denied to view the site, i have flushed the server firewall but yet again several user dont get access to view the site...

View 6 Replies View Related

Single User Can't Access Any Site On My Server

Feb 16, 2009

I have a user who says he cannot get to any site on my server from either home or work. He has been a user for many years, and has never had any problems. He has also checked with his IT at work and they confirmed the site is not available. He is computer savvy, so I trust he is telling the truth.

His work and home are only 10 miles apart.

Do you guys have any ideas what could be happening? Is there a DNS entry wrong somewhere? He can't access the site even when putting in the IP address.

There is one other user reporting something similar but other than that no other complaints. The site works fine for everyone else.

site is gm-trucks.com

View 4 Replies View Related

VPS E-gold Accepted

Aug 13, 2008

Who knows VPS provider (located anywhere) accepting e-gold for payments?

View 3 Replies View Related

How Can I Make Sshd Lie About It's Accepted Authentication Methods

May 16, 2008

With my sshd installation, I have password authentication disabled, and only accept key-based auth. What I want to do is, make sshd lie about it's accepted authentication methods, or even make up a few to confuse anyone who's trying to connect. For example,

[root@vps2 ~]# ssh hah.cx
Permission denied (publickey).

I'd like to make it show something like,

[root@vps2 ~]# ssh hah.cx
Permission denied

View 3 Replies View Related

Plesk 11.x / Linux :: Mailbox Disabled - Email Accepted And Not Bouncing

Jul 4, 2014

I have Plesk 11.5.30 Update #47, Centos OS 6.5 x64, MTA Qmail 1.03

Today I encountered a estrange thing, a disabled mailbox was accepting mail but not bouncing it.

In the panel the "user@tld.com" mailbox is disabled, if a email is sent to that address Qmail accepts it:

Jul 4 17:51:35 mx3 qmail-queue-handlers[27432]: Handlers Filter before-queue for qmail started ...
Jul 4 17:51:36 mx3 qmail-queue-handlers[27432]: from=root@mx3
Jul 4 17:51:36 mx3 qmail-queue-handlers[27432]: to=user@tld.com
Jul 4 17:51:36 mx3 qmail-queue-handlers[27432]: handlers_stderr: SKIP

[Code] ....

No mail is bounced, nothing, the message is not in the mailbox.

Tested in several accounts the result is the same, even in a new created account.

View 2 Replies View Related

Exim: User Unknown (domain Forward)

Dec 3, 2007

One of my clients has 2 accounts:

- foo.com, with a mail account info@foo.com.
- bar.com, with domain forwarding to foo.com.

Sending an email message to info@foo.com works.

Sending an email message to info@bar.com doesn't work. When using the ZoneEdit SMTP test utility I get the following error message:


Code:
> RCPT TO:<info@bar.com>
< 550 5.1.1 User unknown: info@bar.com
I checked "/etc/vdomainaliases/bar.com" and "/etc/localdomains", they are configured properly.

Any suggestions?

View 0 Replies View Related

Limiting Cpu/memory Of A Single User/domain In Whm

Jan 21, 2008

i've been researching this but can't seem to find a decent solution.

basically trying to limit the cpu usage of a single domain, or limit accesses per hour if that's possible?

i tried adding an entry in /etc/security/limits.conf which restricts numproc to 2 and then down to 1, but it doens't seem to make any impact on the load. load of the server drops from about 1.5-2 down to 0.02 when this single site is suspended, and i can't have it run wild.

ideally would like a message that says something along the lines of server is too busy... trying again in 5 seconds or something along those lines?

View 5 Replies View Related

How To Create A Subfolder In My Domain And Assign An Ftp User To That Folder

Jun 30, 2009

I need to create a subfolder under my domain name, and assign an ftp user to that folder. I want the user to only have access to that folder, is it possible? can you guys orient me, because I have no idea where to start, my hosting service provider is telling me I can only have one ftp account per domain, maybe I didn't explain correctly to my hosting provider.

View 1 Replies View Related

How To Remove Hosting Account, Domain And User By SSH In My Cpanel Server?

Jun 17, 2008

Currently I have 1 user hosting crash in my cpanel server.

I fail to restore and terminate or recreate his account in whm.

May I know what is the steps to remove and clean the hosting account in ssh?

I user /script/killacct but fail. So, i need manualy to delete user, hositng account and his mysql database in ssh, mode.

View 9 Replies View Related

Plesk 11.x / Linux :: Setting Up Cron Job For Domain User - No Such File Or Directory

Apr 20, 2014

Can't get it working, I want to set up a cron job for a domain user, but seems that there's a problem to find the php executable. The command is:

Code:
/usr/bin/php/ -f /var/www/vhosts/thedomain.com/httpdocs/test.php

But the report says

-: /usr/bin/php/: No such file or directoryClick to expand...

View 3 Replies View Related

Plesk 12.x / Linux :: (Main) - Domain Is Not Shown In User Panel List

Aug 19, 2014

I have a problem with on domain. The domain is the "main-domain" of the customer but it is not shown in the overview /smb/web/view

Not with the User logged in and not with the admin logged in.

But I can change setting, when I call the detail-page manually: /smb/web/overview/id/d:26

I tried to lock/unlock the domain/account, but nothing worked.

I could not see any mistakes in the database.

Deleting and adding the domain would be a trick, but because of having many domains/subdomains and dns-entries this is not my first choice.

View 2 Replies View Related

Different Host And Domain Site

Oct 26, 2008

I want to buy a domain from Godaddy.com and host on a free webhost, that works really great. But I don't wanna get this problem when you visit the forum ->>> mydomain.com, I want it like this ->>> mydomain.com/forum/ and forum/index.php and all that stuff, so you can visit a thread directly.

But in my experiences before, I just got the mydomain.com, even if I visited the forum or an another page. Should I put the DNS or what to get the godaddy domain to work fine with the free webhost?

View 4 Replies View Related

Sub-domain Site Stats

Jan 14, 2007

I thought i may as well post this here having already contacted my host. Just thought you knowledgable people may be able to give me some insight to this?

Well i am creating a sub-domain, and i obviously have site stats with AWStats for my primary domain name. If i was to create a sub-domain say example.sitename.com would i still receive the site stats for the sub as well as the primary one?
Anyone had any experience on this?

as midphase are good but generally take ages to get back to me and their response are rather general,

View 3 Replies View Related

Correct Way To Change A Site's Domain Name

Mar 11, 2009

I'm working on a young site that will be changing its focus and its domain name to reflect the new focus. What is the correct way to change the domain name? In the past, I've simply created a new site in WHM/cPanel under the new domain name and copied the old site (and database) over, which was a great deal of work. Is there another way to do it that is less time consuming - without having to copy files? Are you not able to just change the domain name setting in WHM without having to copy the entire site over to a new directory on the server?

View 5 Replies View Related

Setting Up A Site In A .local Domain

Jun 10, 2008

I have a web server running Server 2003 and IIS6. I can access everything fine via IP. Now I want to have a domain name work with it.

The server is in a .local domain environment. Does anyone have any info on how I should setup DNS for the web server if the domain itself is not getting any DNS info from the outside?

Is it just a matter of adding new A and NS records or do I need to be in a FQDN domain for it to work?

View 4 Replies View Related

Redirect The Domain + Site Path

Jan 17, 2007

Is there a way that I could redirect total urls? By that I mean when someone goes to www.domain.com/whatever/file.php?id=345 they get redirected to www.anotherdomain.com/whatever/file.php?id=345

Im running apache 1.3

View 8 Replies View Related

Access DirectAdmin Site Without Domain - Possible With CPanel

Mar 7, 2009

I'm new to using directadmin and I've got a problem; I've not yet switched the DNS over to the directadmin server 'cause I want to make sure the sites work first, however I can't find how to view the sites. With cpanel you can go to http://192.168.1.1/~username (where 192.168.1.1 = IP of server and username is username of account).
is this possible with directadmin? I can't find anything about it, anywhere.

View 6 Replies View Related

Htaccess - Moving Site From Subdomain To New Domain

Oct 21, 2007

I have what I think is kind of a unique situation with a site move and Google is not turning up an answer that seems to work.

My site is currently in this format:

www.mydomain.com/site/file.html

And I am "moving" it but also switching from html to php, so the same file would be found at:

site.mydomain.com/file.php

I want to redirect users going to the old pages to their equivalent on the new site, however this is a little bit of a problem because this is a normal subdomain - it is the same directory as before but now there are php versions of the html files.

Right now I have all of the http files redirecting to their php equivilents, but I don't believe this is a desirable solution. Also it creates a problem when people go to www.mydomain.com/site (not indicating a specific file; just the subdir root) because I have www.mydomain.com/site/index.html redirecting to www.mydomain.com/site/index.php.

Quite a mess.

My first option is to put the redirects in the htaccess file on the "old" site. But is this a problem because there are over 500 pages on the site? Does it create a heavy server load because any requests force the server to serve a huge htaccess file?

The next alternative seems the most preferable although I'm not sure how to do it. It seems it could use wildcards so that anyone going to *.html gets directed to *.php or something like that. The only problem is that there are a small number of files that were removed completely and do not have php equivilants (about 5 or 6) and would need to redirect to the index.php in the root

View 14 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved